Cisco Systems issued seven security updates yesterday, all of which patched vulnerabilities in the networking giant’s internetwork operating system (IOS), the software it deploys on the majority of its routers and network switches.
The vulnerabilities should all be considered critical with all but one of them receiving scores of 7.8 from the critical vulnerability scoring system. The outlier rated in at 7.1, which is also considered critical.
The first patch addresses a problem in the way that Cisco IOS implements IP service level agreements (SLA) that could allow an unauthenticated, remote attacker to cause reloads on vulnerable devices or, in the event of a sustained attack, create denial of service conditions.
The next fix resolves an issue in the software’s implementation of virtual routing and forwarding aware network address translation feature, particularly when translating IP packets. Successful exploitation could cause a reduction of memory on affected devices in the short term, while a sustained attack could also lead to a DoS condition, eventually causing an affected device to become unresponsive and, in some cases, non-operational.
The bulletin also provides a fix for the smart install client feature, which contains a vulnerability that could be exploited to cause a device reload and eventually a sustained DoS condition.
Cisco’s IOS protocol translation feature is receiving a patch as well. It too could be exploited to a reload and eventually a DoS condition.
The IOS software was beset with a memory leak vulnerability that an attacker could set off while processing a malformed session initiation protocol message. If unpatched, an attacker could cause a memory leak that could in turn lead to reloads and eventually a DoS scenario , but, of course, Cisco supplied the fix for that.
They fixed another DoS vulnerability in the IOS software key exchange feature. Like the bug above, this one starts out as a memory leak but can lead to a DoS.
Finally, Cisco resolved a resource reservation protocol flaw in its IOS XE software that could allow an unauthenticated, remote attacker to cause a reload of and eventually a DoS condition on devices with multiprotocol label switching with traffic engineering enabled.
